Odd access activity

Roger Oberholtzer roger
Mon Aug 23 02:10:36 PDT 2004 

I get the following in a server log quite often (more than once a day).
All that changes is the IP address. What they are up to? Could it just
be a probe? Trying a user called 'test', 'guest', 'admin' and 'user'?
If anyone else has such users on an externally connected machine, make
them secure for these users (at least). I am sure I am not the only
target of such a probe. I am tempted top make such a user and see what
they try. I wonder how I could see what password they are trying. Maybe
they are not trying one. Just a blank one. The names look NTish, so I
bet they are looking for unsecured Windows NT/2000/XP boxes. Anyone else
see these?

Aug 18 17:08:41 seaotter sshd[20626]: input_userauth_request: illegal
user test
Aug 18 17:08:41 seaotter sshd[20626]: Failed password for illegal user
test from 210.223.178.180 port 44600 ssh2
Aug 18 17:08:44 seaotter sshd[20627]: input_userauth_request: illegal
user guest
Aug 18 17:08:44 seaotter sshd[20627]: Failed password for illegal user
guest from 210.223.178.180 port 44913 ssh2
Aug 18 17:08:47 seaotter sshd[20628]: input_userauth_request: illegal
user admin
Aug 18 17:08:47 seaotter sshd[20628]: Failed password for illegal user
admin from 210.223.178.180 port 45150 ssh2
Aug 18 17:08:50 seaotter sshd[20629]: input_userauth_request: illegal
user admin
Aug 18 17:08:50 seaotter sshd[20629]: Failed password for illegal user
admin from 210.223.178.180 port 45385 ssh2
Aug 18 17:08:52 seaotter sshd[20630]: input_userauth_request: illegal
user user
Aug 18 17:08:52 seaotter sshd[20630]: Failed password for illegal user
user from 210.223.178.180 port 45623 ssh2


+????????????????????????????+???????????????????????????????+
? Roger Oberholtzer          ?   E-mail: roger at opq.se        ?
? OPQ Systems AB             ?      WWW: http://www.opq.se/  ?
? Nybrogatan 66 nb           ?    Phone: Int + 46 8   314223 ?
? 114 41 Stockholm           ?   Mobile: Int + 46 733 621657 ?
? Sweden                     ?      Fax: Int + 46 8   314223 ?
+????????????????????????????+???????????????????????????????+

More information about the Linux-users mailing list